When delegating navigations to the operating system, Firefox would accept the `mk` scheme which might allow attackers to launch pages and execute scripts in Internet Explorer in unprivileged mode. *This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 92, Thunderbird < 91.1, Thunderbird < 78.14, Firefox ESR < 78.14, and Firefox ESR < 91.1.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mozilla
Published: 2021-11-03T00:03:56
Updated: 2024-08-04T01:44:22.943Z
Reserved: 2021-08-10T00:00:00
Link: CVE-2021-38492
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2021-11-03T01:15:07.200
Modified: 2022-12-09T19:19:12.667
Link: CVE-2021-38492
Redhat